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DETAILED ACTION 

Response to Amendment 

1 . This action is in response to the amendment filed on Feb. 2, 2004. 

2. Claims 1, 3, 8 and 12 have been amended. Claims 1-15 are pending. 
Claims 1, 8 are independent claims. 



Response to Arguments 

3. Applicant's arguments have been fully considered but they are not persuasive 
in overcoming the rejections based on the prior art of Jain et al., Goldman et 
al. and MacDoran et al. The applicant have argued the following: 
3.1 Under remarks, applicant argued that Jain does not teach or suggest the 
network data are transmitted both for an authentication purpose and for a 
non-authentication purpose. 

Examiner disagrees as this is clearly disclosed in Jain. ( Jain : see col. 
8, lines 48-50: "filtering network data to and from said arbitrary port based on 
the authentication status of the user at that port. ") and ( Jain : see col. 9, lines 
50-57: "performing an authentication process on an unauthenticated port 
prior to an unrestricted transmission or reception of network data through 
said intermediate system to said unauthenticated port said authentication 
process comprising using a public key/private key encryption algorithm to 
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determine that an end system connected to an unauthenticated port is in 
possession of a valid private key, said authentication process further ....") 
Jain discloses a security server ( Jain : see col. 5, lines 34-36) that controls 
the generation (including network data) of Challenge-Response with network 
data included. Therefore, the rejection of claims 1-15 is proper and 
maintained herein. 

4. The text of Title 35, U.S. Code not included in this action can be found in a prior 
Office action. 

Claim Rejections - 35 USC § 103 

5. Claims 1 and 8 are rejected under 35 U.S.C. 103(a) as being unpatentable over 
Jain et al, U.S. Patent No. 6,31 1 ,218 in view of Goldman et al, U.S. Patent No. 
5,684,951. 

In regard to independent claim 1, Jain discloses authentication of a user on a 
node prior to allowing the user to send or receive data on a network (see col. 1 , line 60) 
from a client computer as End System (ES) that can represent end-user (see col. 3, line 
40, 41) data processing equipment as Personal computers (see col. 3, line 46) on Local 
Area Network (LAN). Jain discloses steps of: 

• detecting a network port connection from a client (see col. 4, line 56) on 
end system; 
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• composing a challenge for user authentication (see col. 2, line 2) associate 
with network connection (see col. 1, line 64), and "encrypting with a private 
key" (see col. 6, line 12); 

• transmitting the challenge (see col. 2, line 45); 

• receiving a response (see col. 2, line 46); 

• "decrypting with a public key" (see col. 6, line 14); 

• receiving network data (see col. 1 , line 60) through a network connection 

• deciding whether to accept the received network data, the deciding based, 
at least in part, on a result of the comparing step , (see col. 6, lines 18-21 : 
". . .end systems prevents unauthorized access to a network by controlling 
the flow of network data to end systems...." and col. 8, lines 6-12: "once 
said user is authenticated, allowing data packets to be transmitted or 
received by said user without including user identification or port 
identification information in said data packets..." and col. 10, lines 47-50 : 
"a comparator for comparing a response from an end system to a 
challenge, the validity of said response depending on a secret key being 
known at said end system" ) 

It is noted that Jain does not teach obtaining the Message Digest 
(MD) value based on the challenge by decrypting the response; the 
calculations in order to obtain a MD value; and comparing the MD values. 
However, Goldman discloses: 
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• generating a validation key (see col. 9, line 7) utilizing a well-known MD5 
Hash function, also referred to as a MD function, (see col. 9, line 14-16); 

• calculating the MD value of the key, the user entered validation value (see 
col. 9, line 42); 

• comparison (see Fig. 9) between the two MD values (see col. 10, line 52, 
53), whether a match is found. 

It would have been obvious to one of ordinary skill in the art at the 
time of the invention to combine the inventions of Jain and Goldman that 
encrypting the challenge procedure of Jain to incorporate MD values from 
hash function for a calculation (see col. 9, line 14, 15) and comparison of 
values (see col. 10, line 52, 53), then match MD values from a hash 
function as taught in Goldman. One of ordinary skill in the art would have 
been motivated to add the invention of Goldman with cryptographic 
functions utilizing a hash function (see col. 9, line 16) in order to secure 
user authentication prior to a transmission of network data through a 
network connection. 

In regard to independent Claim 8, Jain discloses a method of authenticating a 
user (see col.2, line 33) in Challenge-Response scheme (see Fig 5), and verifies the 
identity of a user prior to allowing the user to send or receive data (see col.1 , line 60). 

• detecting a network connection (see col. 4, line 20) is disclosed in Pafrf for 
transmitting data (see col. 4, line 21 ); 
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• receiving (see col. 2, line 56) from the end system network data transmitted 
through the network connection; 

• obtaining a user ID and a public key (see col. 4, line 27, 36); 

• composing a challenge for a user authentication, and encrypting with a 
private key (see col. 6, line 12); 

• sending the challenge (see col. 2, line 45) as directed to a method for 
encryption algorithm; 

• decrypting the challenge with a public key (see col. 6, line 14); encrypting 
with a private key of the user (see col. 6,line 12) to create a response; 

• sending the response to the policy agent (see col. 6, line 6); 

• decrypting (see col. 6, line 14) the response; 

• deciding whether to accept the received network data, the deciding based, 
at least in part, on a result of the comparing step , (see col. 6, lines 18-21: 

. .end systems prevents unauthorized access to a network by controlling 
the flow of network data to end systems...." and col. 8, lines 6-12: "once 
said user is authenticated, allowing data packets to be transmitted or 
received by said user without including user identification or port 
identification information in said data packets. .." and col. 1 0, lines 47-50 : 
"a comparator for comparing a response from an end system to a 
challenge, the validity of said response depending on a secret key being 
known at said end system" ) 
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It is noted that Jain does not disclose using a client computer on a 
network transmit network data through "a policy agent "; the calculations of 
cryptographic in order to obtain a Message Digest value; and comparing 
the two message digest values to determine whether there is a match there 
between. However, Goldman discloses: 

• generating a first MD value (see col. 9, line 14) based on the challenge and 
the network data of the user; 

• calculating (see col. 9, line 14, 15) a second MD value based on the 
challenge and the network data received through the network connection 
from the client computer; 

• comparing (see col. 10, line 52, 53) the first and second MD values to 
determine whether there is a match between values. 

It would have been obvious to one of ordinary skill in the art at the 
time the invention to modify Jain's encrypting the challenge procedure to 
incorporate with calculation (see col. 9, line 14, 15) and comparison of 
values (see col. 10, line 52, 53) to match message digests values from 
well-known hash function (Message Digest function) as taught in Goldman. 
One of ordinary skill in the art would have been motivated to substitute 
encryption/decryption with cryptographic functions utilizing the Hash 
function (see col. 9, line 16) in order to achieve strong security in user 
authentication over network. 
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Claims 3 - 7 and 9 - 14 are rejected under 35 U.S.C. 103(a) as being unpatentable over 
Jain et al, U.S. Patent No. 6,31 1 ,218 in view of Goldman et al, U.S. Patent No. 
5,684,951. 

In regard to claim 3 and 10 Jain discloses composing a challenge by "encryption 
with a public key" (see col. 5, line 44, 45) of the user. 

In regard to claim 4 and 11 Jain discloses, "decrypting with a private key" the 
response (see col. 6, line 5) to return it, and also encrypting with a public key (see col. 
6, line 1) as claim 11 describes for the policy agent. 

In regard to claim 5 and 12 Jain discloses using the private key to encrypt the 
challenge (see col. 6, line 12), but Jain does not teach generating a 3 rd MD value from 
data, and encrypting the 3 rd MD value. However, Goldman discloses generation of the 
MD value with inclusion of the time value as "e.g., a coded timestamp" (see col. 9, line 
36). It would have been obvious to one of ordinary skill in the art at the time of 
applicant's invention that calculating one more of hash value from data including a time 
value, then encrypted with the private key as taught in Goldman. One of ordinary skill in 
the art would have been motivated to generate 3 rd MD value from network data with a 
hash function (see col. 9, line 16) in order to prevent unauthorized user accessing data 
from the network. 

In regard to claim 6 and 13 Jain discloses authentication process allowing data 
packets to be transmitted by user (see col. 9, line 16). But Jain does not disclose a form 
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of packets for the received network data, and the calculation of the second MD value 
based on a pre-selected number of packets. It would have been obvious to one of 
ordinary skill in the art at the time of the invention to modify Jain's encrypting the 
challenge procedure to incorporate MD values from a hash function for a calculation 
(see col. 9, line 14, 15) and comparison of hash values (see col. 10, line 52, 53), then 
match MD values from hash function as taught in Goldman. One of ordinary skill in the 
art would have been motivated to substitute encryption/decryption with cryptographic 
functions utilizing the hash function (see col. 9, line 16) in order to guarantee the 
authenticity and validity of network data. 

In regard to claim 7 and 9 Jain discloses according to the valid user ID after a 
match (see col. 10, line 54) occurs between two MD values. But Jain does not disclose 
having further executable instructions for performing access policies on the received 
network data. It would have been obvious to one of ordinary skill in the art at the time of 
the invention to implement a procedure to perform specific functions after user 
validation, which was incorporated MD values then match the MD values from hash 
function as taught in Goldman. One of ordinary skill in the art would have been 
motivated to having further executable instructions for performing access policies (see 
col. 9, line 16) after the associated data received from network are ensured in order to 
allow further transmission of network data by a trusted authority. 
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In regard to claim 14 Jain discloses the data decrypted from the challenge. 
Gordman discloses, wherein the step of the client computer generating the first MD 
value based on a random number, and data of the pre-selected packets (see col. 9, line 
38, 41 ) of the received network data. It would have been obvious to one of ordinary skill 
in the art at the time of applicant's invention that calculating one more of hash 
encryption from data, which is encrypted with the private key of the policy agent, after 
generation of MD value based on a random number, data decrypted from the challenge, 
and data of the pre selected packets (see col. 9, line 39) as taught in Goldman for user 
authentication. One of ordinary skill in the art would have been motivated to substitute a 
detailed data packet form as an input to the hash function (see col. 9, line 38-41) using 
a principle of message digest function (see col.9, line 16) in order to compose the MD 
value including "time value" (see col. 9, line 14, 15) to modify Jain, because it prevents 
fraudulent data sending through network by improving the efficiency of the verification 
method for supporting the user to access network data. 

Claims 2 and 15 are rejected under 35 U.S.C. 103(a) as being unpatentable over 
et al, U.S. Patent No. 6,31 1 ,218 in view of Goldman et al, U.S. Patent No. 5,684,951 , 
and further in view of MafiDoran et al. U.S. Patent No. 5,757,916. 

Jain and Goldman do not disclose the policy agent is a firewall. However, 
jM^SCI teaches that an authentication server software for secure network be a 
firewall of the network architecture (see col. 15, line 55) to perform the functions of a 
policy agent. It would have been obvious to one of ordinary skill in the art at the time of 
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the invention to modify the policy agent role in jUj to implement a firewall as a security 
processor for a security entity (see col. 1 5, line 40) as taught in jT^^rin!. One of 
ordinary skill in the art would have been motivated to use a firewall in place of a policy 
agent to modify Jain, because the security policy implementation on network using a 
firewall is an effective safe guard to protect a network system in order to authenticate 
the client and data through the network connection. 



6. Applicant's amendment necessitated the new ground(s) of rejection presented in 
this Office action. Accordingly, THIS ACTION IS MADE FINAL. See MPEP 
§ 706.07(a). Applicant is reminded of the extension of time policy as set forth in 37 
CFR 1.136(a). 

A shortened statutory period for reply to this final action is set to expire THREE 
MONTHS from the mailing date of this action. In the event a first reply is filed within 
TWO MONTHS of the mailing date of this final action and the advisory action is not 
mailed until after the end of the THREE-MONTH shortened statutory period, then the 
shortened statutory period will expire on the date the advisory action is mailed, and any 
extension fee pursuant to 37 CFR 1 .136(a) will be calculated from the mailing date of 
the advisory action. In no event, however, will the statutory period for reply expire later 
than SIX MONTHS from the date of this final action. 



Conclusion 
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Contact Information 



7. Any inquiry concerning this communication or earlier communications from the 
examiner should be directed to Kyung H Shin whose telephone number is 703-305- 
071 1 . The examiner can normally be reached on 6:30 am - 4:30 pm. 

If attempts to reach the examiner by telephone are unsuccessful, the examiner's 
supervisor, Gilberto Barron can be reached on 703-305-1830. The fax phone number 
for the organization where this application or proceeding is assigned is 703-872-9306. 

Information regarding the status of an application may be obtained from the 
Patent Application Information Retrieval (PAIR) system. Status information for 
published applications may be obtained from either Private PAIR or Public PAIR. 
Status information for unpublished applications is available through Private PAIR only. 
For more information about the PAIR system, see http://pair-direct.uspto.gov. Should 
you have questions on access to the Private PAIR system, contact the Electronic 
Business Center (EBC) at 866-217-9197 (toll-free). 



Kyung H Shin 
Patent Examiner 
Art Unit 2132 
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May 12,2004 
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